CN114793199B - Message processing method, device and network equipment - Google Patents
Message processing method, device and network equipment Download PDFInfo
- Publication number
- CN114793199B CN114793199B CN202210326389.3A CN202210326389A CN114793199B CN 114793199 B CN114793199 B CN 114793199B CN 202210326389 A CN202210326389 A CN 202210326389A CN 114793199 B CN114793199 B CN 114793199B
- Authority
- CN
- China
- Prior art keywords
- message
- bandwidth management
- session table
- table entry
- forwarding chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 29
- 238000012545 processing Methods 0.000 claims abstract description 54
- 238000000034 method Methods 0.000 claims description 51
- 239000000284 extract Substances 0.000 claims description 11
- 230000006870 function Effects 0.000 description 14
- 238000004891 communication Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 9
- 230000009471 action Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- HRULVFRXEOZUMJ-UHFFFAOYSA-K potassium;disodium;2-(4-chloro-2-methylphenoxy)propanoate;methyl-dioxido-oxo-$l^{5}-arsane Chemical compound [Na+].[Na+].[K+].C[As]([O-])([O-])=O.[O-]C(=O)C(C)OC1=CC=C(Cl)C=C1C HRULVFRXEOZUMJ-UHFFFAOYSA-K 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0896—Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a message processing method, a message processing device and network equipment, wherein the network equipment comprises a CPU and a forwarding chip. The CPU receives the first message sent by the forwarding chip; extracting message characteristic information from the first message, and performing bandwidth management policy matching according to the message characteristic information; when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy; and issuing the session table entry to the forwarding chip, so that when the forwarding chip receives a new network message, if the new network message hits the session table entry, bandwidth management policy management is executed on the new network message according to the session table entry. Therefore, when the network equipment starts the bandwidth management function, the forwarding speed of the message in the network equipment is improved, and meanwhile, the processing performance of the message in the bandwidth management function is improved.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a network device for processing a message.
Background
With the development of the network, when the gateway equipment forwards the message, the method comprises two modes of software forwarding and hardware forwarding. When software forwarding is performed, a processor executes a software algorithm to process and forward the message; when in hardware forwarding, the message is processed and forwarded by a hardware logic chip such as an FPGA (field programmable gate array ) or an ASIC (Application Specific Integrated Circuit, application specific integrated circuit). The software forwarding can realize more abundant functions, and the hardware forwarding has higher forwarding speed.
At present, the safety network equipment generally has a bandwidth management function, and the bandwidth management function can help a network manager to reasonably allocate bandwidth resources, improve the bandwidth utilization rate and avoid bandwidth exhaustion at the same time, so that the network operation quality is improved. When the gateway device does not start the bandwidth management function, the fast processing and forwarding of the message can be realized by using the hardware logic chip, and once the bandwidth management function is started, the hardware cannot support the identification of the characteristic information of the traffic and cannot execute the bandwidth management policy matching based on the characteristic information dimension, so that the message needs to be sent to a CPU (Central Processing Unit ) for processing, and the CPU executes the management and control of the bandwidth management policy aiming at the refinement by using the software. However, for a packet in one data stream, if the gateway device performs bandwidth management policy management and control, the packet in the data stream needs to be sent to the CPU for processing, and then software forwarding is performed. In this way, the processing of messages in the data stream by the gateway device is limited by the processing power of the processor, resulting in a significant reduction in the forwarding rate of the data stream in the gateway device. That is, once the bandwidth management function is turned on, there is often a face that the requirements of high throughput and low latency are not met. This is because once the bandwidth management policy for traffic is to be managed, only the messages can be sent to the CPU for software service processing, so that the high-speed message forwarding of the logic chip cannot be utilized, and the performance is greatly reduced.
Therefore, how to improve the forwarding speed of the message in the network device when the bandwidth management function is started, and improve the processing performance of the message when the bandwidth management function is simultaneously one of the technical problems to be considered.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, and a network device for processing a message, which are used to increase the forwarding speed of a message in the network device when a bandwidth management function is started, and simultaneously increase the processing performance of the message when the bandwidth management function is started.
Specifically, the application is realized by the following technical scheme:
according to a first aspect of the present application, a method for processing a message is provided, which is applied to a CPU in a network device, where the network device further includes a forwarding chip; the method comprises the following steps:
receiving a first message sent by the forwarding chip;
extracting message characteristic information from the first message, and performing bandwidth management policy matching according to the message characteristic information;
when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy;
and issuing the session table entry to the forwarding chip, so that when the forwarding chip receives a new network message, if the new network message hits the session table entry, bandwidth management policy management is executed on the new network message according to the session table entry.
According to a second aspect of the present application, a method for processing a message is provided, which is applied to a forwarding chip in a network device, where the network device further includes a CPU; the method comprises the following steps:
receiving a network message;
when the network message is confirmed to be the first message, the first message is sent to the CPU;
receiving a session table entry issued by the CPU, wherein the session table entry comprises a target bandwidth management strategy matched with message characteristic information in the first message;
receiving a new network message;
and if the new network message hits the session table entry, performing bandwidth management on the new network message according to the target bandwidth management strategy in the session table entry.
According to a third aspect of the present application, there is provided a packet processing device, provided in a central processing unit CPU in a network device, where the network device further includes a forwarding chip; the device comprises:
the receiving module is used for receiving the first message sent by the forwarding chip;
the matching module is used for extracting the message characteristic information from the first message and carrying out bandwidth management policy matching according to the message characteristic information;
the table entry generation module is used for generating a session table entry according to the message characteristic information and the target bandwidth management strategy when the matching module is matched with the target bandwidth management strategy;
and the sending module is used for sending the session table item to the forwarding chip so that when the forwarding chip receives a new network message, if the new network message hits the session table item, bandwidth management policy management is executed on the new network message according to the session table item.
According to a fourth aspect of the present application, there is provided a packet processing apparatus, provided in a forwarding chip in a network device, the network device further including a central processing unit CPU, the apparatus including:
the first receiving module is used for receiving the network message;
the sending module is used for sending the first message to the CPU when the network message is confirmed to be the first message;
the second receiving module is used for receiving a session table item issued by the CPU, wherein the session table item comprises a target bandwidth management strategy matched with the message characteristic information in the first message;
the first receiving module is further configured to receive a new network packet;
and the bandwidth management module is used for executing bandwidth management on the new network message according to the target bandwidth management strategy in the session table entry if the new network message hits the session table entry.
According to a fifth aspect of the present application, there is provided a network device, including a central processing unit CPU and a forwarding chip, where the CPU is configured to execute the packet processing method provided in the first aspect, and the forwarding chip is configured to execute the packet processing method provided in the second aspect.
According to a sixth aspect of the present application there is provided a machine-readable storage medium storing a computer program which, when invoked and executed by a processor, causes the processor to perform the method provided by the first aspect of the embodiments of the present application.
The beneficial effects of the embodiment of the application are that:
in the message processing method and device provided by the embodiment of the application, after receiving the first message sent by the forwarding chip, the CPU extracts the message characteristic information from the first message, and performs bandwidth management policy matching according to the message characteristic information; when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy; and issuing the session table entry to the forwarding chip. Thus, when the forwarding chip receives a new network message, if the new network message hits the session table entry, bandwidth management policy management is executed on the new network message according to the session table entry. Therefore, the forwarding chip does not need to send the subsequent network messages of the data stream to which the first message belongs to the CPU one by one for identification processing, and only needs to execute bandwidth management and message forwarding operation on the subsequent network messages based on the session table entry, so that the forwarding rate of the messages is greatly improved, and meanwhile, the effect of bandwidth management is also improved. That is, when the network device starts the bandwidth management function, the above flow is adopted, so that the forwarding speed of the message in the network device is improved, and meanwhile, the processing performance of the message in the bandwidth management function is also improved.
Drawings
Fig. 1 is a flow chart of a message processing method provided in an embodiment of the present application;
FIG. 2 is a flow chart of another message processing method according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of another message processing apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic hardware structure of a network device for implementing a message processing method according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with aspects as described herein.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in this application, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the corresponding listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first message may also be referred to as a second message, and similarly, a second message may also be referred to as a first message, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
The message processing method provided in the present application is described in detail below.
Referring to fig. 1, fig. 1 is a flowchart of a message processing method provided in the present application, where the method is applied to a CPU in a network device, and the network device further includes a forwarding chip. It should be noted that the network device may be, but not limited to, a security gateway device or the like. When the CPU in the network equipment implements the message processing method, the method can comprise the following steps:
s101, receiving a first message sent by a forwarding chip.
In this step, the first packet may be a first packet of each data flow identified by the forwarding chip. In order to avoid the problems that the processing pressure of a CPU is high and the forwarding performance of the message is affected because the CPU recognizes each received message because all messages of the same data stream are uploaded to the CPU, the application proposes that after receiving each data stream from the outside, a forwarding chip recognizes the first message of the data stream and then only sends the first message of the data stream to the CPU. Because the first message of each data stream and the network message subsequent to the first message have related information, the forwarding chip only needs to send the first message to the CPU for identification, and does not need to identify all the messages of the data stream to the CPU, thereby not only ensuring the message forwarding performance, but also realizing the bandwidth management of the data stream.
S102, extracting message characteristic information from the first message, and performing bandwidth management policy matching according to the message characteristic information.
In this step, after receiving the first message, the CPU extracts the message feature information from the first message, and for bandwidth management, performs bandwidth management policy matching by using the message feature information, that is, performs multi-dimensional information identification and policy multi-dimensional information matching, and the specific matching method may be performed by using the identification method provided at present, so that the bandwidth management policy that the first message conforms to may be matched.
S103, when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy.
In this step, when the target bandwidth management policy is matched, it indicates that bandwidth management needs to be performed on a subsequent network packet in the data stream to which the first packet belongs, and in order to implement bandwidth management and not require the CPU to match the foregoing subsequent network packet to affect the forwarding rate of the packet, this step proposes that the CPU generates a session table entry according to the characteristic information of the packet and the matched target bandwidth management policy. Specifically, the same target characteristic information and target bandwidth management policy between the characteristic information of the first message and the subsequent network message in the data stream to which the first message belongs may be written into the session table entry.
And S104, the session table item is issued to the forwarding chip, so that when the forwarding chip receives a new network message, if the new network message hits the session table item, bandwidth management policy management is executed on the new network message according to the session table item.
In this step, in order to realize normal forwarding of each data stream except for the first message, the CPU sends the generated session table entry to the forwarding chip. Therefore, when the forwarding chip processes the subsequent network message of the data stream to which the first message belongs, bandwidth management and message forwarding of the subsequent network message can be realized according to the session table entry.
By implementing the message processing method provided by the application, after receiving the first message sent by the forwarding chip, the CPU extracts the message characteristic information from the first message and performs bandwidth management policy matching according to the message characteristic information; when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy; and issuing the session table entry to the forwarding chip. Thus, when the forwarding chip receives a new network message, if the new network message hits the session table entry, bandwidth management policy management is executed on the new network message according to the session table entry. Therefore, the forwarding chip does not need to send the subsequent network messages of the data stream to which the first message belongs to the CPU one by one for identification processing, and only needs to execute bandwidth management and message forwarding operation on the subsequent network messages based on the session table entry, so that the forwarding rate of the messages is greatly improved, and meanwhile, the effect of bandwidth management is also improved.
Optionally, the message characteristic information may include, but is not limited to, five-tuple information, user characteristic information, and the like. The five-tuple information may include, but is not limited to, an input interface, an output interface, a source IP address, a destination IP address, etc., and the user characteristic information includes information such as a source security area, a destination security area, a source IP address area, a destination IP address area, a user, a service, an application, a time period, a packet DSCP priority, etc.
On this basis, step S103 may be performed according to the following procedure: and generating a session table entry according to the quintuple information and the policy identification of the target bandwidth management policy.
Specifically, in order to avoid that the contents of the session table entry occupy more communication resources between the excessive CPU and the forwarding chip, and improve the transmission speed of the session table entry between the CPU and the forwarding chip, the embodiment proposes that quintuple information is extracted from the message feature information, then a policy identifier of a target bandwidth management policy matched with the message feature information is determined, and then the session table entry is formed based on the quintuple information and the policy identifier.
On the basis, the message processing method provided by the embodiment further comprises the following steps: and issuing bandwidth management strategies to the forwarding chip in advance.
Specifically, in order to avoid the problems of high processing pressure and influence on the forwarding speed of the messages caused by processing all messages of each data stream by the CPU, the CPU may send the current bandwidth management policy to the forwarding chip in advance, so that the forwarding chip receives the bandwidth management policy and stores the bandwidth management policy locally, after receiving the session table entry including the correspondence between the quintuple information and the policy identifier, the subsequent forwarding chip may extract the quintuple information from the new network message when receiving the new network message, and then match the session table entry with the quintuple information, and when the matching is successful, may extract the policy identifier corresponding to the quintuple information that is successfully matched, then extract the corresponding target bandwidth management policy from the bandwidth management policy that is received in advance based on the extracted policy identifier, and then perform bandwidth management on the new network message by using the target bandwidth management policy, so as to forward the new network message according to the speed after bandwidth management.
In addition, when the CPU issues the bandwidth management policies to the forwarding chip, the CPU also sends policy entries of the bandwidth management policies to the forwarding chip, where the entries can record policy identifications of the bandwidth management policies to manage each bandwidth management policy.
Based on any of the above embodiments, in this embodiment, step S104 may be performed according to the following procedure: and transmitting the session table item to the forwarding chip through a driving interface. Specifically, the forwarding chip and the CPU communicate through a driving interface, so that the CPU can forward through the driving interface when sending the session table entry to the forwarding chip.
Similarly, the step of issuing bandwidth management policies to the forwarding chip in advance may be performed according to the following procedure: and issuing a bandwidth management strategy to the forwarding chip in advance through a driving interface.
It should be noted that, after the CPU receives the first packet, if the first packet is not matched with the bandwidth management policy, it indicates that the data flow to which the first packet belongs does not need to perform bandwidth management and control, then a session table entry may be generated, where the session table entry does not include the bandwidth management policy, so when the forwarding chip receives the network packet, if the session table entry is hit, the forwarding processing may be directly performed on the network packet, and thus missing matching of the network packet is prevented.
Based on the same inventive concept, the embodiment also provides a message processing method, which is applied to a forwarding chip in a network device, wherein the network device further comprises a CPU, and the forwarding chip can execute the message processing method according to the flow shown in fig. 2, and the method comprises the following steps:
s201, receiving a network message.
And S202, when the network message is confirmed to be the first message, the first message is sent to the CPU.
In this step, the forwarding chip performs recognition processing on the externally received network packet, and when recognizing that the network packet is a first packet, that is, a first packet of a certain data stream, the forwarding chip sends the first packet to the CPU, so that the CPU performs recognition processing, and the policy recognition process of the CPU may refer to the relevant description of the CPU, which is not described in detail herein.
S203, receiving a session table item issued by the CPU, wherein the session table item comprises a target bandwidth management strategy matched with the message characteristic information in the first message.
In this step, the forwarding chip may receive the session table entry issued by the CPU through a driving interface between the forwarding chip and the forwarding chip. The session table item comprises a target bandwidth management strategy matched with the characteristic information of the message in the first message.
S204, receiving a new network message.
S205, if the new network message hits the session table entry, bandwidth management is performed on the new network message according to the target bandwidth management policy in the session table entry.
In this step, the forwarding chip continuously receives new network messages, when receiving new network messages, extracts message characteristic information from the new network messages, matches session table items by using the extracted message characteristic information,
it should be noted that, the forwarding chip may receive multiple data streams simultaneously, and correspondingly, the forwarding chip may send the first messages of each data stream to the CPU, and correspondingly, the CPU may also send a corresponding number of session table entries, and the forwarding chip may store the received session table entries in the session table entry list, so after the forwarding chip receives the network message, the forwarding chip may use the message feature information in the network message to match the session table entry list, and then execute bandwidth management on the network message according to the matched bandwidth management policy.
It should be noted that, the message processing method provided in this embodiment further includes: for each data stream, after the forwarding chip processes the last network message of the data stream according to the flow shown in fig. 2, deleting the session table entry corresponding to the first message of the local data stream. For example, the session table entry corresponding to the message characteristic information of the first message of the data stream may be deleted from the session table entry list.
Optionally, based on any of the foregoing embodiments, in this embodiment, the session table entry in the new network packet may be confirmed according to the following method: extracting message characteristic information from the new network message; matching the session table item by utilizing the message characteristic information; and when the matching is successful, confirming that the new network message hits the session table item.
Specifically, the session table entry issued by the CPU may include a correspondence between the packet feature information and the target bandwidth management policy, so that after the forwarding chip receives the new network packet, the forwarding chip may extract the packet feature information from the new network packet, and then match the session table entry with the packet feature information, and when the matching is successful, it indicates that the new network packet hits the session table entry.
Optionally, in order to save storage resources of the session table entry and transmission speed of the session table entry, the session table entry received by the forwarding chip may include a correspondence between quintuple information and a target bandwidth management policy, so that after receiving a new network packet, the forwarding chip may extract the quintuple information from the new network packet, and then match the session table entry with the quintuple information, and when the session table entry includes the quintuple information, it indicates that the network packet matches the session table entry.
Optionally, the session table entry includes a correspondence between policy identifiers of the target bandwidth management policy matched by the message feature information in the first message. Based on any one of the foregoing embodiments, the method for processing a message provided in this embodiment further includes: and receiving the bandwidth management strategy issued by the CPU.
Specifically, the CPU will issue the bandwidth management policies currently existing to the forwarding chip in advance, and issue policy entries for managing each bandwidth management policy to the forwarding chip at the same time, where policy identifiers of each bandwidth management policy are recorded in the policy entries, and policy identifiers corresponding to different bandwidth management policies are different.
On this basis, the forwarding chip may perform step S205 according to the following procedure: inquiring the target bandwidth management strategy from the bandwidth management strategy issued by the CPU according to the strategy identification; and executing bandwidth management on the new network message according to the target bandwidth management strategy.
Specifically, after the forwarding chip matches the session table entry, the policy identifier may be extracted from the matched session table entry, and then the bandwidth management policy corresponding to the policy identifier, that is, the target bandwidth management policy, is locally extracted from the forwarding chip, so that the forwarding chip may perform bandwidth management on the new network packet by using the extracted target bandwidth policy.
The method comprises the steps that through implementing a message processing method on the forwarding chip side, the forwarding chip reports a first message of each data stream to a CPU, the CPU matches a target bandwidth management strategy corresponding to the first message according to message characteristic information in the received first message, and then the target bandwidth management strategy is issued to the forwarding chip in a session table entry mode, so that when the forwarding chip receives a new network message after receiving the session table entry, if the network message hits the session table entry, bandwidth management and message forwarding are carried out on the network message by utilizing the target bandwidth management strategy in the session table entry. Therefore, the CPU in the network equipment does not need to execute the work of identifying and matching all the messages in each data stream one by one, thereby greatly reducing the message processing pressure of the CPU and improving the forwarding rate of the messages.
It should be noted that, when the forwarding chip performs bandwidth management on the new network packet according to the bandwidth management policy, the forwarding chip may, but is not limited to, perform speed limiting processing on the new network packet according to the bandwidth management policy that requires speed limiting, and so on.
It should be noted that, when the new network packet is not matched with the session table entry, the new network packet may be directly forwarded, which indicates that the new network packet does not need to perform bandwidth management. In addition, some bandwidth management policies may be network messages that do not forward the data flow, and when the forwarding chip confirms that the network message that subsequently receives the data flow hits the corresponding session table entry, the network message is discarded.
In order to better understand the message processing method provided in any embodiment of the present application, a network device is configured with 2 bandwidth management policies for illustration, where the 2 bandwidth management policies include a policy one and a policy two, where the policy one is a speed limit 100M, and the policy two is a speed limit 200M, after receiving a data stream 1 with an IP1 address, a forwarding chip identifies a first message 1 of the data stream 1, and then reports the first message 1 to the forwarding chip, and when a CPU obtains a session table entry 1 according to a flow shown in fig. 1, for example, the session table entry 1 corresponds to the policy one, the session table entry 1 is sent to the forwarding chip, so that the forwarding chip hits the session table entry 1 after receiving a subsequent network message of the data stream 1, and then performs speed limit processing on the network message according to the policy one; similarly, after receiving the data stream 2 with the IP2 address, the forwarding chip identifies the first packet 2 of the data stream 2, then reports the first packet 2 to the forwarding chip, and when the CPU obtains the session table 2 according to the flow shown in fig. 1, for example, the session table 2 corresponds to the policy two, the session table 2 is sent to the forwarding chip, so that after receiving the subsequent network packet of the data stream 2, the forwarding chip hits the session table 2, and then performs speed limiting processing on the network packet according to the policy two.
Therefore, the processing performance of the message service is greatly improved through the software cooperative processing based on the forwarding chip (hardware logic chip) and the CPU, the performance of the network equipment is greatly improved when the bandwidth management function is started, and the high-throughput low-delay deployment requirement of a large-scale network outlet is met.
It should be noted that, when the network device in any of the above embodiments of the present application is a network security device, the network security device may be, but not limited to, a security gateway device, for example, a firewall device, etc.
Based on the same inventive concept, the application also provides a message processing device corresponding to the message processing method of the CPU side. The implementation of the message processing apparatus may refer to the description of the message processing method by the CPU, which is not discussed here.
Referring to fig. 3, fig. 3 is a schematic diagram of a message processing apparatus according to an exemplary embodiment of the present application, which is disposed in a central processing unit CPU in a network device, where the network device further includes a forwarding chip; the device comprises:
a receiving module 301, configured to receive a first packet sent by the forwarding chip;
the matching module 302 is configured to extract message feature information from the first message, and perform bandwidth management policy matching according to the message feature information;
a table entry generating module 303, configured to generate a session table entry according to the message characteristic information and the target bandwidth management policy when the matching module matches the target bandwidth management policy;
and the sending module 304 is configured to send the session table entry to the forwarding chip, so that when the forwarding chip receives a new network packet, if the new network packet hits the session table entry, bandwidth management policy management is performed on the new network packet according to the session table entry.
Optionally, in this embodiment, the message feature information includes five-tuple information; the table entry generation module 303 is specifically configured to generate the session table entry according to the quintuple information and the policy identifier of the target bandwidth management policy.
Optionally, the sending module 304 is further configured to issue a bandwidth management policy to the forwarding chip in advance.
Optionally, the sending module 304 is specifically configured to send the session table entry to the forwarding chip through a driving interface; and/or, issuing bandwidth management strategies to the forwarding chip in advance through a driving interface.
Based on the same inventive concept, the application also provides a message processing device corresponding to the message processing method of the forwarding chip side. The implementation of the message processing device can refer to the description of the message processing method by the forwarding chip, and will not be discussed here.
Referring to fig. 4, fig. 4 is a message processing apparatus provided in an exemplary embodiment of the present application, where the message processing apparatus is disposed in a forwarding chip in a network device, and the network device further includes a central processing unit CPU, where the apparatus includes:
a first receiving module 401, configured to receive a network packet;
a sending module 402, configured to send the first packet to the CPU when it is confirmed that the network packet is the first packet;
a second receiving module 403, configured to receive a session table entry sent by the CPU, where the session table entry includes a target bandwidth management policy matched with the message feature information in the first message;
the first receiving module 401 is further configured to receive a new network packet;
and the bandwidth management module 404 is configured to execute bandwidth management on the new network packet according to a target bandwidth management policy in the session table if the new network packet hits the session table.
Optionally, based on the foregoing embodiment, the bandwidth management module 404 is specifically configured to confirm that the new network packet hits the session table entry according to the following method: extracting message characteristic information from the new network message; matching the session table item by utilizing the message characteristic information; and when the matching is successful, confirming that the new network message hits the session table item.
Optionally, based on the foregoing embodiment, the message feature information in this embodiment includes five-tuple information, and the session table entry includes a correspondence between the five-tuple information and a policy identifier of the target management policy;
on this basis, the bandwidth management module 404 is specifically configured to confirm that the matching is successful according to the following method: and if the session table entry comprises quintuple information in the message characteristic information, confirming that the session table entry is successfully matched.
Optionally, based on the foregoing embodiment, in this embodiment, the session table entry includes a policy identifier of a target bandwidth management policy matched with the message feature information in the first message.
On the basis, the message processing device provided in this embodiment further includes:
a third receiving module (not shown in the figure) for receiving the bandwidth management policy issued by the CPU;
the bandwidth management module 404 is specifically configured to query the target bandwidth management policy from the bandwidth management policies issued by the CPU according to the policy identifier; and executing bandwidth management on the new network message according to the target bandwidth management strategy.
Based on the same inventive concept, the embodiment of the present application provides a network device, as shown in fig. 5, where the network device includes a Central Processing Unit (CPU) 500, a forwarding chip 501, and a machine-readable storage medium 502, where the machine-readable storage medium 502 stores a computer program capable of being executed by the CPU 500, and the CPU 500 is caused by the computer program to execute a packet processing method provided by any embodiment on the CPU side of the present application, and the forwarding chip 501 is configured to execute the packet processing method provided by any embodiment on the forwarding chip side of the present application. The network device further comprises a communication interface 503 and a communication bus 504, wherein the processor 500, the forwarding chip 501, the communication interface 503, and the machine readable storage medium 502 perform communication with each other via the communication bus 504.
The communication bus mentioned by the above network device may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface is used for communication between the network device and other devices.
The machine-readable storage medium 502 may be a Memory, which may include random access Memory (Random Access Memory, RAM), DDR SRAM (Double Data Rate Synchronous Dynamic Random Access Memory, double rate synchronous dynamic random access Memory), or Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The forwarding chip may be a digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.
For network devices and machine-readable storage medium embodiments, the description is relatively simple, as far as reference is made to a part of the description of the method embodiments, since the method content involved is substantially similar to the method embodiments described above.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The implementation process of the functions and roles of each unit/module in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be repeated here.
For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The above described apparatus embodiments are merely illustrative, wherein the units/modules illustrated as separate components may or may not be physically separate, and the components shown as units/modules may or may not be physical units/modules, i.e. may be located in one place, or may be distributed over a plurality of network units/modules. Some or all of the units/modules may be selected according to actual needs to achieve the purposes of the present application. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The foregoing description of the preferred embodiments of the present invention is not intended to limit the invention to the precise form disclosed, and any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention are intended to be included within the scope of the present invention.
Claims (11)
1. The message processing method is characterized by being applied to a CPU in network equipment, wherein the network equipment also comprises a forwarding chip; the method comprises the following steps:
receiving a first message sent by the forwarding chip;
extracting message characteristic information from the first message, and performing bandwidth management policy matching according to the message characteristic information;
when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy;
and issuing the session table entry to the forwarding chip, so that when the forwarding chip receives a new network message, if the new network message hits the session table entry, bandwidth management policy management is executed on the new network message according to the session table entry.
2. The method of claim 1, wherein the message characteristic information comprises five-tuple information;
generating a session table entry according to the message characteristic information and the target bandwidth management policy, including:
and generating the session table entry according to the quintuple information and the policy identifier of the target bandwidth management policy.
3. The method as recited in claim 2, further comprising:
and issuing bandwidth management strategies to the forwarding chip in advance.
4. The method of claim 3, wherein issuing the session table entry to the forwarding chip comprises:
the session table item is issued to the forwarding chip through a driving interface;
and/or the number of the groups of groups,
the bandwidth management strategy is issued to the forwarding chip in advance, and the bandwidth management strategy comprises the following steps:
and issuing a bandwidth management strategy to the forwarding chip in advance through a driving interface.
5. The message processing method is characterized by being applied to a forwarding chip in network equipment, wherein the network equipment also comprises a CPU; the method comprises the following steps:
receiving a network message;
when the network message is confirmed to be the first message, the first message is sent to the CPU, so that the CPU extracts message characteristic information from the first message, and bandwidth management strategy matching is carried out according to the message characteristic information; when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy;
receiving a session table entry issued by the CPU, wherein the session table entry comprises a target bandwidth management strategy matched with message characteristic information in the first message;
receiving a new network message;
and if the new network message hits the session table entry, performing bandwidth management on the new network message according to the target bandwidth management strategy in the session table entry.
6. The method of claim 5, wherein the new network message is acknowledged as the session table entry by:
extracting message characteristic information from the new network message;
matching the session table item by utilizing the message characteristic information;
and when the matching is successful, confirming that the new network message hits the session table item.
7. The method of claim 6, wherein the message characteristic information comprises quintuple information, and the session table entry comprises a correspondence between quintuple information and a policy identifier of a target management policy;
the success of the matching was confirmed according to the following method:
and if the session table entry comprises quintuple information in the message characteristic information, confirming that the session table entry is successfully matched.
8. The method of claim 5, wherein the session table entry includes a policy identifier of a target bandwidth management policy to which the message characteristic information in the first message matches; the method further comprises the steps of:
receiving a bandwidth management strategy issued by the CPU;
performing bandwidth management on the new network message according to the target bandwidth management policy in the session table entry, including:
inquiring the target bandwidth management strategy from the bandwidth management strategy issued by the CPU according to the strategy identification;
and executing bandwidth management on the new network message according to the target bandwidth management strategy.
9. The message processing device is characterized by being arranged in a Central Processing Unit (CPU) in network equipment, wherein the network equipment also comprises a forwarding chip; the device comprises:
the receiving module is used for receiving the first message sent by the forwarding chip;
the matching module is used for extracting the message characteristic information from the first message and carrying out bandwidth management policy matching according to the message characteristic information;
the table entry generation module is used for generating a session table entry according to the message characteristic information and the target bandwidth management strategy when the matching module is matched with the target bandwidth management strategy;
and the sending module is used for sending the session table item to the forwarding chip so that when the forwarding chip receives a new network message, if the new network message hits the session table item, bandwidth management policy management is executed on the new network message according to the session table item.
10. A message processing apparatus, which is disposed in a forwarding chip in a network device, the network device further comprising a central processing unit CPU, the apparatus comprising:
the first receiving module is used for receiving the network message;
the sending module is used for sending the first message to the CPU when the network message is confirmed to be the first message, so that the CPU extracts the message characteristic information from the first message and carries out bandwidth management policy matching according to the message characteristic information; when the target bandwidth management strategy is matched, generating a session table item according to the message characteristic information and the target bandwidth management strategy;
the second receiving module is used for receiving a session table item issued by the CPU, wherein the session table item comprises a target bandwidth management strategy matched with the message characteristic information in the first message;
the first receiving module is further configured to receive a new network packet;
and the bandwidth management module is used for executing bandwidth management on the new network message according to the target bandwidth management strategy in the session table entry if the new network message hits the session table entry.
11. The network equipment is characterized by comprising a Central Processing Unit (CPU) and a forwarding chip, wherein the CPU is used for executing the message processing method according to any one of claims 1 to 4, and the forwarding chip is used for executing the message processing method according to any one of claims 5 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210326389.3A CN114793199B (en) | 2022-03-30 | 2022-03-30 | Message processing method, device and network equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210326389.3A CN114793199B (en) | 2022-03-30 | 2022-03-30 | Message processing method, device and network equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114793199A CN114793199A (en) | 2022-07-26 |
| CN114793199B true CN114793199B (en) | 2024-02-09 |
Family
ID=82461553
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210326389.3A Active CN114793199B (en) | 2022-03-30 | 2022-03-30 | Message processing method, device and network equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114793199B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117097678B (en) * | 2023-10-20 | 2024-01-26 | 深圳华云信息系统科技股份有限公司 | Streaming forwarding method, device, equipment and storage medium of fragmented messages |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102299846A (en) * | 2011-08-19 | 2011-12-28 | 杭州华三通信技术有限公司 | Method for transmitting BFD (Bidirectional Forwarding Detection) message and equipment |
| CN104168222A (en) * | 2014-07-15 | 2014-11-26 | 杭州华三通信技术有限公司 | Message transmission method and device |
| CN104348727A (en) * | 2013-08-05 | 2015-02-11 | 杭州华三通信技术有限公司 | Method and equipment for processing flow table item in OpenFlow network |
| CN105337890A (en) * | 2014-07-16 | 2016-02-17 | 杭州迪普科技有限公司 | Control strategy generation method and apparatus |
| CN105490961A (en) * | 2014-09-19 | 2016-04-13 | 杭州迪普科技有限公司 | Message processing method, and device and network device |
| CN107124402A (en) * | 2017-04-12 | 2017-09-01 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of packet filtering |
| CN111478851A (en) * | 2020-02-29 | 2020-07-31 | 新华三信息安全技术有限公司 | Message processing method and device |
| CN112333097A (en) * | 2020-09-29 | 2021-02-05 | 新华三信息安全技术有限公司 | Message forwarding method and device and gateway equipment |
| WO2022057647A1 (en) * | 2020-09-15 | 2022-03-24 | 华为技术有限公司 | Packet processing method, system, and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103220215B (en) * | 2013-04-25 | 2015-10-07 | 杭州华三通信技术有限公司 | The retransmission method of FCoE message and device in TRILL network |
-
2022
- 2022-03-30 CN CN202210326389.3A patent/CN114793199B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102299846A (en) * | 2011-08-19 | 2011-12-28 | 杭州华三通信技术有限公司 | Method for transmitting BFD (Bidirectional Forwarding Detection) message and equipment |
| CN104348727A (en) * | 2013-08-05 | 2015-02-11 | 杭州华三通信技术有限公司 | Method and equipment for processing flow table item in OpenFlow network |
| CN104168222A (en) * | 2014-07-15 | 2014-11-26 | 杭州华三通信技术有限公司 | Message transmission method and device |
| CN105337890A (en) * | 2014-07-16 | 2016-02-17 | 杭州迪普科技有限公司 | Control strategy generation method and apparatus |
| CN105490961A (en) * | 2014-09-19 | 2016-04-13 | 杭州迪普科技有限公司 | Message processing method, and device and network device |
| CN107124402A (en) * | 2017-04-12 | 2017-09-01 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of packet filtering |
| CN111478851A (en) * | 2020-02-29 | 2020-07-31 | 新华三信息安全技术有限公司 | Message processing method and device |
| WO2022057647A1 (en) * | 2020-09-15 | 2022-03-24 | 华为技术有限公司 | Packet processing method, system, and device |
| CN112333097A (en) * | 2020-09-29 | 2021-02-05 | 新华三信息安全技术有限公司 | Message forwarding method and device and gateway equipment |
Non-Patent Citations (2)
| Title |
|---|
| Enio Kaljic ; Almir Maric ; Pamela Njemcevic.An implementation of a deeply programmable SDN switch based on a hybrid FPGA/CPU architecture.《2019 18th International Symposium INFOTEH-JAHORINA (INFOTEH)》.2019,全文. * |
| 基于国产龙芯CPU的高性能防火墙转发性能的研究与实现;陈绍黔;王湘新;幸雪初;肖晨阳;梁剑;;电脑知识与技术(第20期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114793199A (en) | 2022-07-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7529242B1 (en) | Routing network packets for multi-processor network flow analysis | |
| CN102255804B (en) | Message processing method, device and network equipment | |
| CN106713144B (en) | Reading and writing method of message outlet information and forwarding engine | |
| CN107580079B (en) | Message transmission method and device | |
| CN107196776A (en) | A kind of method and apparatus of message forwarding | |
| CN109391566B (en) | Core board, control method and device of ETBN (Ethernet packet network) backbone network switch | |
| CN110932890B (en) | Data transmission method, server and computer readable storage medium | |
| CN101257457A (en) | Method for network processor to copy packet and network processor | |
| CN111597142A (en) | Network security acceleration card based on FPGA and acceleration method | |
| CN114793199B (en) | Message processing method, device and network equipment | |
| CN103188042A (en) | Matching method and matching accelerator of Internet protocol (IP) data package | |
| WO2022116953A1 (en) | Packet processing method, device, system, and storage medium | |
| CN109088957B (en) | NAT rule management method, device and equipment | |
| WO2023125380A1 (en) | Data management method and corresponding apparatus | |
| CN101110772B (en) | Device and method for handling message | |
| CN111740910A (en) | Message processing method and device, network transmission equipment and message processing system | |
| CN103414641B (en) | Neighbor table item release, device and the network equipment | |
| US8374185B2 (en) | Packet inspection device and method | |
| CN110808854A (en) | Message scheduling method and device and switch | |
| CN112929376A (en) | Flow data processing method and device, computer equipment and storage medium | |
| CN109587082A (en) | A kind of asynchronous repeater system of message based on (SuSE) Linux OS and method | |
| CN107070719A (en) | A kind of device management method and device | |
| CN107809385B (en) | Packet-In message triggering and control method | |
| CN112165537B (en) | Virtual IP method for ping reply | |
| CN103746768A (en) | Data packet identification method and equipment thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |